Update of '.ssh/authorized_keys' file with Gitea SSH keys fails due to changing permission of folder (owner: root) #13970

Closed
opened 2025-11-02 10:58:45 -06:00 by GiteaMirror · 2 comments

Originally created by @TomJunker on GitHub (Jan 12, 2025).

Description

TL;DR: The use of ssh fails every time WSL restarts. The reason is that /data/git/.ssh is reset to owner of root:root after changing it to git:git. However, gitea seems to be the only container that shows such behavior.

From the Maintenance board using "Update the '.ssh/authorized_keys' file with Gitea SSH keys." leads to

```
Started Task: Update the '.ssh/authorized_keys' file with Gitea SSH keys.
```

However, in the "Cron Tasks" it shows a failed attempt and the following error:

```
Error in Task: Update the '.ssh/authorized_keys' file with Gitea SSH Keys.: open /data/git/.ssh/authorized_keys.temp: permission denied
```

In the log the following is shown:

```
2025/01/12 15:09:28 ...rvices/cron/tasks.go:152:GetTask() [I] Getting resync_all_sshkeys in &{{0 0} resync_all_sshkeys 0xc0009fbaa0 0x2980240 error open /data/git/.ssh/authorized_keys.tmp: permission denied MyGitUserName 1 2025-01-12 15:07:17.708671986 +0100 CET m=+10.380004079}
2025/01/12 15:09:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /-/admin for 172.172.0.1:0, 303 See Other in 2.1ms @ admin/admin.go:153(admin.DashboardPost)
```

A temporary fix is to enter the container:

```bash
docker exec -it gitea /bin/sh
```

and change permission from root:root to git:git:

```bash
chown git:git /data/git/.ssh
```

This fix works even when the container restarts. However, every now and then the whole server and/or WSL have to restart, too. Then the permission is back to root:root:

Gitea Version

1.23.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

see Description

Screenshots

No response

Git Version

2.47.1

Operating System

Windows 10 22H2

How are you running Gitea?

Docker Desktop v4.37.1 started from docker-compose:

```yml
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - TZ=Europe/Berlin
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=${GITEA__database__HOST}
      - GITEA__database__NAME=${GITEA__database__NAME}
      - GITEA__database__USER=${GITEA__database__USER}
      - GITEA__database__PASSWD=${GITEA__database__PASSWD}
      - GITEA__server__SSH_PORT=22
      - GITEA__server__ROOT_URL=https://gitea.${PRIVATE_DOMAIN}
      - GITEA__repository__DEFAULT_BRANCH=master
      - GITEA__service__DISABLE_REGISTRATION=True
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea-secure.entrypoints=https"
      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${PRIVATE_DOMAIN}`)"
      - "traefik.http.routers.gitea-secure.tls=true"
      - "traefik.http.routers.gitea-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.gitea-secure.middlewares=authentik@file"
      - "traefik.http.services.gitea-secure.loadbalancer.server.port=3000"
      - "traefik.http.services.gitea-secure.loadbalancer.server.scheme=http"
    networks:
      homelab_backend:
        ipv4_address: 172.172.0.66
    ports:
      - "22:22"
    restart: unless-stopped
    volumes:
      - gitea_data:/data

networks:
  homelab_backend:
    name: homelab_backend
    external: true

volumes:
  gitea_data:
    name: gitea_data
```

Database

PostgreSQL
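
An added diagnostic for the failure reported above (not part of the original issue and not Gitea's code): it checks that the directory holding `authorized_keys` is owned by the expected UID and is not group- or world-writable, which `sshd` rejects when `StrictModes` is on. The function name and exit codes are this example's own; `/data/git/.ssh` and UID 1000 come from the report.

```shell
#!/bin/sh
# Added example. Exit codes are this script's own convention:
#   0 ok, 1 wrong owner, 2 group/world-writable, 3 directory missing
# Inside the container from the report: check_ssh_dir /data/git/.ssh 1000
check_ssh_dir() {
    dir=$1
    want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "$dir: missing"
        return 3
    fi
    # ls -n prints numeric ids, so no passwd entry is needed
    line=$(ls -ldn "$dir")
    perms=$(printf '%s\n' "$line" | awk '{print $1}')
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        # This is the state behind "authorized_keys.tmp: permission denied"
        echo "$dir: owned by uid $uid, expected $want_uid"
        return 1
    fi
    # Character 6 of the mode string is group write, character 9 is other write
    case $perms in
        ?????w*|????????w*)
            echo "$dir: mode $perms is group/world-writable"
            return 2 ;;
    esac
    echo "$dir: ok (uid $uid, $perms)"
    return 0
}

# Constructed demo on a throwaway directory, so the script runs anywhere
demo=$(mktemp -d)
chmod 700 "$demo"
check_ssh_dir "$demo" "$(id -u)"
rm -rf "$demo"
```

Loosening the directory mode instead of fixing the owner would move the failure from exit code 1 to exit code 2 rather than resolve it.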

GiteaMirror added the issue/needs-feedback label 2025-11-02 10:58:45 -06:00

@wxiaoguang commented on GitHub (Jan 13, 2025):

WSL has many non-standard behaviors and I guess it's not Gitea's problem ..........


@GiteaBot commented on GitHub (Feb 12, 2025):

We close issues that need feedback from the author if there were no new comments for a month. 🍵


Reference: github-starred/gitea#13970